Re: POST Method on Redirect (mod_rewrite)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: POST Method on Redirect (mod_rewrite)
From: SOPRO <soprobr@xxxxxxxxx>
Date: Thu, 12 Jul 2007 12:53:15 -0300
In-reply-to: <20070712162959.0e694ec1@grimnir>
Reply-to: users@xxxxxxxxxxxxxxxx

Nick,

I understood your comment about encrypted/unencrypted data.
About that three lines of mod_rewrite, I use them to provide
round-robin for my two web servers.

 I want to know if this lost of POST data is the expected apache's
behavior when redirecting.

Regards,

Fabricio.

2007/7/12, Nick Kew <nick@xxxxxxxxxxxx>:

On Thu, 12 Jul 2007 11:29:57 -0300
SOPRO <soprobr@xxxxxxxxx> wrote:

> Hi all,
>
>  I have the following scenario in my httpd.conf file:
>
> <VirtualHost xxx.xxx.xxx.xxx:80>
>     ServerName myapp.domain.com
>     RewriteEngine On
>     RewriteCond          %{HTTPS} !=on
>     RewriteRule ^/(.*) https://secure.domain.com/myapp/$1 [L,R,NC]
> </VirtualHost>
>
>  My clients must submit a form (POST method) to "myapp.domain.com",
> but when redirect occurs apache losts the submited values.

That is particularly pointless.  The data have already been
POSTed over the wire unencrypted for all to see, and now you're
asking the client to re-post them encrypted.  What actually happens
is up to the browser, and how the user reacts to the security
messages.  If the data should be secure, you need to use the https
address in the first place.

It's also over-complex to use three lines of mod_rewrite where a
single Redirect would do the same job for less effort.

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- POST Method on Redirect (mod_rewrite)
  - From: SOPRO
- Re: POST Method on Redirect (mod_rewrite)
  - From: Nick Kew

Prev by Date: Re: Maintaing the URL when Rewriting
Next by Date: RE: Secure LDAP Auth to Active Directory
Previous by thread: Re: POST Method on Redirect (mod_rewrite)
Next by thread: RE: POST Method on Redirect (mod_rewrite)
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]